Bugtraq mailing list archives
dcd3 fix src.
From: mreichma () LYNX DAC NEU EDU (Marc Reichman)
Date: Tue, 26 May 1998 15:13:39 -0400
This is a multi-part message in MIME format.
--------------B8F35AD556BCC9FA58EDB9C5
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
antidcd, a daemon by 'faraway-' on EFNet irc.
--------------B8F35AD556BCC9FA58EDB9C5
Content-Type: text/plain; charset=us-ascii; name="antidcd.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="antidcd.c"
// by far
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/ip_tcp.h>
#include <netinet/ip_udp.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/utsname.h>
#include <stdlib.h>
struct udphdr *udp;
struct iphdr *ip;
unsigned short in_cksum(addr, len)
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *w++;
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *) (&answer) = *(u_char *) w;
sum += answer;
}
sum = (sum >> 17) + (sum & 0xffff);
sum += (sum >> 17);
answer = -sum;
return (answer);
}
void send_reply ( unsigned int l_port, unsigned long int *l_addr, unsigned int r_port, unsigned long int *r_addr)
{
int sen;
struct sockaddr_in dstaddr;
struct udphdr *udp_l;
struct iphdr *ip_l;
char disc_pack[10];
int pack_size = sizeof(struct iphdr) +sizeof(struct udphdr) + 9;
char *packet = malloc(pack_size);
ip_l = (struct iphdr *) packet;
udp_l = (struct udphdr *) (packet + sizeof(struct iphdr));
memset(packet, 0, pack_size);
strcpy(disc_pack, "\x00\x10\x00\x09\xff\xff\0xff\0xff\0x02") ;
memcpy(&packet[pack_size-9], disc_pack,9);
memcpy(&ip_l->saddr, l_addr,4);
memcpy(&ip_l->daddr, r_addr,4);
ip_l->version = 4;
ip_l->ihl = 5;
ip_l->ttl = 255;
ip_l->protocol = IPPROTO_UDP;
ip_l->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + 9);
ip_l->check = in_cksum(ip_l, sizeof(struct iphdr));
udp_l->source = l_port;
udp_l->len = htons(sizeof(struct udphdr) + 9);
udp_l->dest = r_port;
memset(&dstaddr, 0, sizeof(struct sockaddr_in));
dstaddr.sin_family = AF_INET;
memcpy(&dstaddr.sin_addr, r_addr, 4);
printf("%d.%d.%d.%d[%d] < %d.%d.%d.%d[%d]\n",
((unsigned char *)&dstaddr.sin_addr)[0],
((unsigned char *)&dstaddr.sin_addr)[1],
((unsigned char *)&dstaddr.sin_addr)[2],
((unsigned char *)&dstaddr.sin_addr)[3],
ntohs(udp_l->dest),
((unsigned char *)&ip_l->saddr)[0],
((unsigned char *)&ip_l->saddr)[1],
((unsigned char *)&ip_l->saddr)[2],
((unsigned char *)&ip_l->saddr)[3],
ntohs(udp_l->source));
sen = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
sendto(sen, packet, pack_size,
0, (struct sockaddr *) &dstaddr,
sizeof(struct sockaddr_in));
close(sen);
}
int main ( int argc, char **argv )
{
int sock, fromlen, n, i;
static struct sockaddr_in from;
char *recvpack, temp[1024];
unsigned int x, debug=0, write=0;
FILE *outfile;
if (getuid()!=0)
{
printf("Tell me your joking.. running it without root?\n");
exit(0);
}
recvpack=(char*)malloc(4096);
sock=socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
printf("Opened raw socket %d\nBeginning protection! ;-)\n", sock);
for (;;)
{
memset(&recvpack[0], 0, 4096);
fromlen = sizeof(from);
if ( (n = recvfrom(sock, recvpack, 4096, 0,
(struct sockaddr *) &from, &fromlen)) < 0)
{
continue;
}
x=n;
ip = (struct iphdr *) &recvpack[0];
udp = (struct udphdr *) (&recvpack[sizeof(struct iphdr)]);
printf("%d.%d.%d.%d[%d] > %d.%d.%d.%d[%d] sz=%d(+%d)\n",
((unsigned char *)&from.sin_addr)[0],
((unsigned char *)&from.sin_addr)[1],
((unsigned char *)&from.sin_addr)[2],
((unsigned char *)&from.sin_addr)[3],
ntohs(udp->source),
((unsigned char *)&ip->daddr)[0],
((unsigned char *)&ip->daddr)[1],
((unsigned char *)&ip->daddr)[2],
((unsigned char *)&ip->daddr)[3],
ntohs(udp->dest),
x-(sizeof (struct iphdr)+sizeof (struct udphdr)),
(sizeof (struct iphdr)+sizeof (struct udphdr)));
if ( memcmp(&recvpack[(sizeof (struct iphdr)+sizeof (struct udphdr))], "\x00\x01\x04\x08", 4) == 0)
{
printf("[*] Possible DCD3C flood detected (from: %d.%d.%d.%d), sending back disconnects.\n", ((unsigned char
*)&from.sin_addr)[0],((unsigned char *)&from.sin_addr)[1],((unsigned char *)&from.sin_addr)[2],((unsigned char
*)&from.sin_addr)[3]);
send_reply(udp->dest, (unsigned long int*)&ip->daddr, udp->source, (unsigned long int *)&from.sin_addr.s_addr);
}
}
}
--------------B8F35AD556BCC9FA58EDB9C5--
Current thread:
- dcd3 fix src. Marc Reichman (May 26)